There has been a recent increase worldwide in government demands for data held by the private sector, including an expansion in government requests for (i) direct access by the government to private-sector databases or networks, or (ii) government access, whether direct or mediated by the company that maintains the database or network, to large volumes of data. Documents describing programs involving large-scale government access to telephony and Internet metadata have been declassified in response to disclosures of former National Security Agency contractor Edward Snowden. Relying on analysis of the law and practices in 13 countries, this Article develops both a descriptive framework for comparing national laws on surveillance and government access to data held by the private sector, and a normative framework based on factors derived from constitutional and human rights law. In most, if not all countries studied, the law provides an inadequate foundation for systematic access, both from a human rights perspective and at a practical level. Systematic surveillance programs are often not transparent and based on secret governmental interpretations of the law, and there is often inconsistency between published law and government practice.The article calls for a robust, global debate on the standards for government surveillance premised on greater transparency about current practices; international human rights law provides a useful framework for that debate.